
Re: SSL options on different http_port resolving into a single config for all ports


 



On 27/07/17 19:57, Wahaj Ali wrote:
> Resending the logs as they were not formatted correctly:
>
> First request going to port 3128
> root@madmin-VirtualBox:/home/madmin# export https_proxy="127.0.0.1:3128"

AFAIK, the above is an invalid value for the https_proxy variable. It is missing the URL scheme which tells curl whether HTTP or TLS is used to connect to the proxy.



Since you are sending identical plain-text CONNECT requests on the two ports, the first one to receive the request forms the security context used by the TLS server connection.

I believe what you are seeing is a result of the fake server certificates being cached. The client requested domain is identical for all tests, so the cached cert should be identical. However, curl is rejecting the certificate generated from SSLv3-enabled server connections.

Try with the dynamic_cert_mem_cache_size=0 option to disable cert caching.


Also, I highly recommend leaving port 443 for encrypted connections (https_port directive). Using plain-text over it (http_port directive) can be extremely problematic.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



